<?php
	// Check crossing acess
	if (!defined('RIGHT_ACCESS') || !defined('ROOT_FOLDER'))
	{
		header('Content-Type: text/xml; charset=utf-8');
		echo '<?xml version="1.0"?>';
		echo '<atomtask>';
		echo '<request>error.request.invalid</request>';
		echo '</atomtask>';
		return;
	}	
	include_once(ROOT_FOLDER."db/connect_db.php");
	class Authorize
	{
		public $username;
		public $user_exist;
		public $user_id;
		public $token_time;
		public $login_time;
		public $token;
		public $token_status;
		public function __construct($user_id, $input_token)
		{
			$this->user_id = $user_id;
			$this->token = '';
			$this->user_exist = true;
			// First, check eixst as well as load user token information
			$result = DB::query('SELECT `username` FROM `user` WHERE `user`.`user_id`="'.$this->user_id.'"');
			if (!$result || mysql_num_rows($result) == 0)
			{
				$this->token_status = 'user_not_exist';
				$this->user_exist = false;
				return;
			}
			$item  = mysql_fetch_assoc($result);
			if (is_null($item) || is_null($item['username']))
			{
				$this->token_status = 'user_not_exist';
				$this->user_exist = false;
				return;
			}
			$this->username = $item['username'];
			$query_string ='SELECT `token_time`, `login_time`, `token`'
		    . 'FROM `user_token`'
		    . 'WHERE `user_token`.`user_id`="'.$this->user_id.'"';
			$result = DB::query($query_string);
			if (!$result || mysql_num_rows($result) == 0)
			{
				$this->token_status = 'token_not_exist';
				return;
			}
			$item = mysql_fetch_assoc($result);
			$this->token_time = date($item['token_time']);
			$this->login_time = date($item['login_time']);
			$this->token = $item['token'];
			// Check token
			if ($input_token != $this->token)
			{
				$this->token_status = 'invalid';
				return;
			}
			else
			{
				$current_time = new Datetime(date('Y-m-d H:i:s'));
				$token_time = new Datetime($this->token_time);
				$diff = $current_time->getTimestamp() - $token_time->getTimestamp();
				if ($diff > 60 )
					$this->token_status = 'expired';
				else
					$this->token_status = 'valid';
			}
		}
		public function renew_token()
		{
			// Check user exists
			if (!$this->user_exist)
				return false;
			// New token
			if ($this->token_status == "notexists")
				return false;
			$current_time = date("Y-m-d H:i:s");
			$new_token = Authorize::encode_token($this->username, $current_time, $this->login_time);
			$result = DB::query('UPDATE `user_token` SET `token_time`="'.$current_time.'", `token`="'.$new_token.'" WHERE `user_id`="'.$this->user_id.'"');
			if (!$result)
				return false;

			//re-binding data
			$this->token_time = $current_time;
			$this->token = $new_token;
			$this->token_status = 'valid';

			return true;
		}
		public function new_token()
		{
			// Check user exists
			if (!$this->user_exist)
				return false;
			// New token
			if ($this->token_status != "notexists")
			{
				// Delete token
				$result = DB::query('DELETE FROM `user_token` WHERE `user_id`="'.$this->user_id.'"');
			}
			$current_time = date("Y-m-d H:i:s");
			$new_token = Authorize::encode_token($this->username, $current_time, $current_time);
			$query_string = 'INSERT INTO `user_token`(`user_id`, `token_time`, `login_time`, `token`)';
			$query_string .= 'VALUES("'.$this->user_id.'", "'.$current_time.'", "'.$current_time.'", "'.$new_token.'")';
			$result = DB::query($query_string);
			if (!$result)
				return false;

			//re-binding data
			$this->token_time = $current_time;
			$this->login_time = $current_time;
			$this->token = $new_token;
			$this->token_status = 'valid';
			return true;
		}
		public function delete_token()
		{
			$query_string = 'DELETE FROM `user_token` WHERE `user_token`.`user_id` ="'.$this->user_id.'"';
			$result = DB::query($query_string);
			if (!$result)
				return false;
			return true;
		}
		public static function encode_token($username, $token_time, $login_time)
		{
			return md5(md5($username).md5($token_time).md5($login_time));
		}
	}
?>